2020 has been a daunting year. Countries around the globe continue to grapple with the COVID-19 pandemic, and organizations and security teams are being forced to adapt to a new normal.
The challenges of this new environment have served as a catalyst for bad actors and, as a result, critical infrastructure and industrial environments have been under attack. Earlier this year, the United States was hit by one of the most significant cyber attacks in recent years.
On December 13, the Cybersecurity and Infrastructure Security Agency warned of active exploitation of the SolarWinds Orion Platform. According to reports, multiple government agencies were breached through SolarWinds software. The affected software is also widely used in the electricity, oil and gas, and manufacturing sectors.
“This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software,” SolarWinds said in a statement. “In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.”
The SolarWinds attack is only the latest targeting industrial enterprises in recent months. In October, industrial cybersecurity company Claroty released a report looking at the impact of COVID-19 on industrial enterprises. According to the report, a majority of U.S. industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic.
“We see that attackers are trying to take advantage,” says Grant Geyer, Claroty’s chief product officer. “Whether it’s ransomware or nation state sponsored activity, because of COVID, we’re more at risk than we’ve ever been before to an attack on critical infrastructure.”
The COVID-19 pandemic has forced many operations to go remote, and while critical infrastructure and industrial environments are often unable to run entirely remotely, many operations are investing in remote access.
“COVID has accelerated the organizational need to provide remote access,” Geyer says. “I’ve personally talked to CISOs or OT leaders in 15 different organizations over the past two months. The heterogeneity of their populations has not changed… But what has changed is that there’s a premium on if it can be done remote, it should be done remote, just for health and safety reasons. That doesn’t mean all on-prem access has stopped, but it’s become a more prevalent means of working given the COVID challenges.”
According to Claroty’s research, 70 percent of the industrial control system vulnerabilities disclosed in the first half of 2020 can be exploited remotely. Its research also indicates that 70 percent of organizations have seen cyber criminals using new tactics to target them.
“Knowing that there’s an increased need for remote access, attackers are going after VPNs as a point of entry into the environment,” Geyer says. “What that means is there’s a greater need to ensure that a user is who they claim to be. There’s a greater challenge to ensure that you can audit what users are doing. And as some of these technologies, like VPNs, are becoming a soft spot for hackers, it’s providing some degree of checks and balances. Even if a user is who they claim to be, you want to watch what they’re doing in the environment to make sure there isn’t an insider threat or to make sure there isn’t malware sneaking into the environment from their laptop.”
With this in mind, earlier this year, Claroty added remote incident management to its operational technology security platform. This helps cybersecurity teams to detect, investigate, and respond to security incidents on OT networks from any location.
Claroty wasn’t alone in expanding its offerings to help organizations handle the new security challenges facing critical infrastructure and industrial environments. Earlier this year, industrial cybersecurity company Xage Security announced a new remote access solution powered by a unique zero-trust approach for industrial operations.
“Organizations have been forced to rely on their remote access capabilities like never before,” says Duncan Greatwood, CEO of Xage Security. “As a result, they need granular control over system access and data sharing internally and among partners. Adequate identity and access management (IAM) has become necessary to ensure that specific rights are controlled down to the individual users and machines. Because traditional network-isolation-based and high-trust-based security approaches have proved to be too limiting, too vulnerable, and too difficult to manage for today’s remote environments, operators have also started to turn towards a zero-trust approach.”
According to Xage, the FBI has noted a 400 percent increase in reported cyber crimes amid the pandemic, and INTERPOL has reported a significant shift in targeting toward corporations, governments, and critical infrastructure during this time. To combat the growing risk, the company provides a zero-trust, identity-based remote access solution for users, applications, and machines across field, control center, datacenter, and cloud environments.
“With the application of zero-trust principles in IT and OT starting to pick up steam, organizations are also moving away from single point of failure architectures,” Greatwood says. “A zero-trust approach gives operators the ability to limit the rights of specific users and components, giving them only what they need. For example, a monitoring agent on a server would be able to measure disk utilization, but would not be able to disable the local malware scanner. By enforcing granular zero-trust access control, the strategy blocks attacks before they even happen. Looking ahead, as malicious actors become more and more creative, it’s critical for companies to deploy security solutions that eliminate traditional single points of attack to mitigate widespread disruptions.”
New solutions like those offered by Claroty and Xage Security can help those running critical infrastructure and industrial environments adjust to the new challenges 2020 has thrown at them. In addition to these measures, operations are advised to practice good security hygiene.
“What we’ve seen for years is good security hygiene, keeping systems patched and up to date, moving to multi-factor authentication wherever you can, isolating systems from internet access, and really putting good controls between people and critical systems, significantly reduces the chances of anything happening,” says Todd Inskeep, a certified information systems security professional.
Looking ahead to 2021, Inskeep says cybersecurity efforts will need to start at the source, with manufacturers making industrial control systems more secure.
“I think industrial control systems are going to have to continue to be hardened and provide more security. I think we’ve seen organizations starting to hire chief product security officers related to the companies that build industrial control systems. They’re starting to implement a series of controls that have been agreed to internationally as standards for the way you build systems,” Inskeep says. “I think we’ll continue to see organizations providing more secure solutions. It’s incumbent on the manufacturers to recognize that the way they’ve always done business is not going to be able to continue without putting security controls in place.”